.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.png?)
Last updated on: 17 June 2024
Privacy
Please read this privacy statement if you would like to know more about the way Online Payment Platform Ltd. (hereinafter referred to as “OPP”, “we”, “us, or “our”) collect and further process your personal data.
Simple structure and language
We summarized our privacy statement for you on this page with clear language.
- Personal info
- What you control
- How it’s used
- How it’s stored
Introduction
At Online Payment Platform Limited we take your data protection seriously. The purpose of this Privacy Statement is to explain how we use any personal data we collect about you when you use this website as a client or prospective client, and also when you become a client.
It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data. We have written this Privacy Statement to tell you which personal data about you we process, how, why and how long we do this for and to inform you about your rights.
It is important that you read and understand this Privacy Statement so you are aware about the way that Online Payment Platform Limited collects and further processes your personal data.
When we collect and process your personal data we are subject to the UK General Data Protection Regulation (UK GDPR).
Who we are
Online Payment Platform Limited is an online payment platform, facilitating online payment services for our clients that have integrated with our software.
Online Payment Platform Limited is authorised and regulated by the Financial Conduct Authority (‘FCA’) as an authorised electronic money institution.
In this Privacy Statement we refer to Online Payment Platform Limited as ‘OPPL’, ‘we’, ‘us’, our’.
Third-party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
It is important to remember that when you follow a link to any of these websites or leave our website to use the services of a third party website, this Privacy Statement will not apply. When you browse or interact with any other website, or third party service provider, you must check that website or service provider’s own privacy notice and procedures for handling your personal data before you submit any personal data to these websites.
Information we collect about you
We may collect, use, store and transfer different kinds of information relating to you (your personal data) in connection with your use of our website, which we have grouped together as follows:
- Contact data includes billing address, email address and telephone number.
- Identity data includes first name, last name, username, a copy of your passport or other relevant identification document, tax identification number or national insurance number (if legally required).
- Know Your Customer (KYC) data includes your identity and contact data, your bank account number, you legal representative and shareholders, the ultimate beneficial owner(s) information, bank statements, your signature and an extract of your company registration document, and / or other additional information required to identify you as an individual and/or company and to fully understand our business relationship with you.
- Transaction data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage data includes information about how you use our website or our services.
- Marketing and Communications data includes your preferences in receiving marketing content from us, e.g.newsletters.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your information changes during your relationship with us.
How we collect your personal information
We may use different methods to collect data from and about you including through:
- Direct interactions via our Website, our portal for payment services, our payment systems, our support system, post, e-mail or phone. You may give us information about your identity, contact and financial data by using our services, filling in forms, by engaging in transactions or by corresponding with us by post, phone, email, social media or otherwise. This includes personal data you provide when you:
- Request to create an account;
- Request marketing information to be sent to you;
- Request help solving technical or payment related issues.
- Give us feedback or contact us;
- Indirect automated technologies or interactions. As you interact with our website and software, we will automatically collect technical data about your, equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see Cookie Statement for further details.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
If you fail to provide personal information
We will only use your personal data if we have a reason permissible by the UK GDPR. Most commonly, we will use your personal data in the following circumstances:
- Where you have requested us to perform our services pursuant to a contract or to take steps at your request before entering into a contract.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Purposes for which we will use your personal data
We have set out below an overview of the ways in which we use your data, and which of the lawful basis we rely upon to do so.
We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for different purposes and, hence, more than one lawful ground. Please contact us if you need details about the specific lawful ground we are relying on to process your personal data, where more than one ground is listed in the table below.
| Purpose/activity | Type of data | Lawful basis for processing |
|
When you visit our website Direct marketing:
|
|
Legitimate interests |
|
When you sign up as a new client Onboarding process:
|
|
|
|
When you use our Services Including:
|
|
|
|
As part of a transaction between you, as our client, and the individual or entity who is making payment to you via OPPL’s systems
|
|
|
|
Enforcing legal rights or defending or undertaking legal proceedings
|
|
Depending on the circumstances:
|
|
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business (OPPL is authorised and regulated by the Financial Conduct Authority (‘FCA’) as an authorised electronic money institution.) |
|
|
|
Social Media Information that we collect incidentally from other sources or public sources, including information presented on our social media or wider social media platforms including Facebook, X and Instagram. We use this information, including to:
|
|
|
Who we share your information with
We need the support of third-party service providers to be able to offer you our website and our services. Where necessary we will disclose your information to our service providers and professional advisers (including IT providers, KYC partners, customer relationship management (CRM) providers, marketing support providers, social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers, database providers, backup and disaster recovery specialists, and email providers).
We have concluded agreements with our service providers to protect your personal data. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this Privacy Statement.
Your personal data may also be shared with other third parties, when required by law.
Where do we transfer your personal data
Some of the information you send us may be disclosed to other OPPL group companies in other European Union (EU) member states when this is necessary for the purposes mentioned above. We do not transfer your personal data to countries outside the European Economic Area (EEA).
How do we protect your data?
We are committed to keeping your personal data secure. We have appropriate technological and organisational precautions to protect your personal data from loss, misuse, or alteration:
- All information you provide to us is stored on secure servers
- We use strict procedures and have implemented security features to limit access to your personal data to those who have a genuine need to access it.
- All of our third-party service providers are obliged to respect the confidentiality of your personal information.
How long do we keep your information?
- We will only keep your data for as long as we reasonably need it for the purposes listed in our table above.
- The retention terms above can be longer if we are required to keep data longer as required by law, including a legal or regulatory obligation, whether of the FCA or otherwise, or to administer our business.
- If we need to keep any information longer for the purposes of enforcing legal rights or defending or undertaking legal proceedings, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
Your rights in detail
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party where processing is carried out by automated means.
If you wish to exercise any of these rights, please use our contact details below. When contacting us please:
- provide enough information to identify yourself (eg your full name, address and client or matter reference number) and any additional identity information we may reasonably request from you, and
- let us know which right(s) you want to exercise and the information to which your request relates Please note that as an FCA authorised and regulated company we will have to consider our regulatory obligations when responding to your request.
Please note that as an FCA authorised and regulated company we will have to consider our regulatory obligations when responding to your request.
Glossary
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where the impact on you is overridden by our interests (unless we have your consent or are otherwise required or permitted to by law).
Performance of a contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
How to contact us or to make a complaint
We have appointed a Data privacy manager to oversee compliance with this Privacy Statement. If you have any questions about this Privacy Statement or how we handle your personal information, please contact us:
- Our address: WeWork Office - 10 York Rd, London SE1 7ND United Kingdom
- Email: dataprotection@onlinepaymentplatform.com
If you have any concerns or comments about how we use information, we would like to hear from you. Alternatively, you may contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues for guidance and advice, or to lodge a complaint. The ICO may be contacted at:
Online: www.ico.org.uk
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Changes to this Privacy Statement
We may need to change this notice from time to time to reflect changes in the way we use personal information or because of changes to the law. We reserve the right to make those changes as necessary and we recommend you revisit the website from time to time to check for any changes. If appropriate we will also notify you by email. Privacy Statement version 1: 04 June 2025
How to contact us or to make a complaint
For more information you can contact us:
- Our address: Kanaalweg 1, 2628 EB, Delft
- Email: privacy@onlinepaymentplatform.com
OPP is a Financial Institution that requires that we have a Data Protection Officer (DPO). You can contact the DPO officer at the same email address: privacy@onlinepaymentplatform.com.
You also have the right to make a complaint to the Autoriteit Persoonsgegevens at www.autoriteitpersoonsgegevens.nl for the Netherlands or any other competent Supervisory Authority in the EEA or the Information Commissioner’s Office at www.ico.org.uk for the UK
Changes to this Privacy Statement
This version was last updated on 27 November 2023 and historic versions can be obtained by contacting us.
We may need to change this notice from time to time to reflect changes in the way we use personal information or because of changes to the law. We reserve the right to make those changes as necessary and we recommend you revisit the website from time to time to check for any changes. If appropriate we will also notify you by email.
Manage and delete data
If you log into your account at Online Payment Platform, you can see at any time which of your data we have stored. If you would like to have your data deleted, please create a request ticket on our support page.
We will then delete all data that we are not legally obliged to store. After the data has been deleted, you will no longer be able to use the services of Online Payment Platform unless you log in again.
.png){kind=logo}
.png?width=75&height=51&name=Worldline%20(2).png)